Richard Levitte [Thu, 9 Jun 2005 17:28:53 +0000 (17:28 +0000)]
When the return type of the function is int, it's better to return an
in than NULL, especially when an error is signalled with a negative
value.
Nils Larsch [Wed, 8 Jun 2005 22:22:33 +0000 (22:22 +0000)]
use "=" instead of "|=", fix typo
Richard Levitte [Wed, 8 Jun 2005 21:59:47 +0000 (21:59 +0000)]
Avoid endless loops. Really, we were using the same variable for two
different conditions...
Nils Larsch [Wed, 8 Jun 2005 21:19:14 +0000 (21:19 +0000)]
ssl_create_cipher_list should return an error if no cipher could be
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr.
PR: 836 + 1005
Andy Polyakov [Tue, 7 Jun 2005 22:21:14 +0000 (22:21 +0000)]
"Liberate" dtls from BN dependency. Fix bug in replay/update.
Dr. Stephen Henson [Mon, 6 Jun 2005 22:39:43 +0000 (22:39 +0000)]
Fix for padding X9.31 padding check and zero padding bytes.
Andy Polyakov [Mon, 6 Jun 2005 11:58:31 +0000 (11:58 +0000)]
Allow BIO_s_file to open and sequentially access files larger than 2GB on
affected platforms.
PR: 973
Andy Polyakov [Mon, 6 Jun 2005 09:32:01 +0000 (09:32 +0000)]
FAQ to mention no-sha512 as option for compilers without support for 64-bit
integer type.
Richard Levitte [Mon, 6 Jun 2005 08:52:19 +0000 (08:52 +0000)]
Pass INSTALL_PREFIX in BUILDENV.
PR: 1100
Richard Levitte [Mon, 6 Jun 2005 08:38:05 +0000 (08:38 +0000)]
Skipping all tests just because one algorithm is disabled seems a bit harsch.
PR: 1089
Andy Polyakov [Mon, 6 Jun 2005 08:35:49 +0000 (08:35 +0000)]
Change mention of Makefile.ssl to Makefile.
Richard Levitte [Mon, 6 Jun 2005 00:50:52 +0000 (00:50 +0000)]
_GNU_SOURCE needs to be defined before any standard header.
Richard Levitte [Mon, 6 Jun 2005 00:42:24 +0000 (00:42 +0000)]
Update from 0.9.8-stable.
Richard Levitte [Mon, 6 Jun 2005 00:32:11 +0000 (00:32 +0000)]
Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER
and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true),
depending on which is true. Use those flags everywhere else to provide
the correct implementation for handling certain operations in q PQ_64BIT.
Richard Levitte [Sun, 5 Jun 2005 23:25:29 +0000 (23:25 +0000)]
Document the change and update the version number (d'oh!).
Richard Levitte [Sun, 5 Jun 2005 23:15:03 +0000 (23:15 +0000)]
Remove the incorrect installation of '%{openssldir}/lib'.
PR: 1074
Richard Levitte [Sun, 5 Jun 2005 22:42:58 +0000 (22:42 +0000)]
Change pq_compat.h to trust the macros defined by bn.h a bit more, and thereby
provide better generic support for environments that do not have 64-bit
integers. Among others, this should solve PR 1086
Richard Levitte [Sun, 5 Jun 2005 22:19:24 +0000 (22:19 +0000)]
gcc 2.95.3 on Ultrix supports long long.
PR: 1091
Richard Levitte [Sun, 5 Jun 2005 22:09:10 +0000 (22:09 +0000)]
Correct typo ia64.o -> bn-ia64.o.
PR: 1094
Richard Levitte [Sun, 5 Jun 2005 22:01:18 +0000 (22:01 +0000)]
Add support for the new Intel compiler, icc.
Submitted by Keith Thompson <kst@sdsc.edu>
PR: 1095
Richard Levitte [Sun, 5 Jun 2005 21:54:48 +0000 (21:54 +0000)]
Old typo...
PR: 1097
Richard Levitte [Sun, 5 Jun 2005 21:47:19 +0000 (21:47 +0000)]
Updated support for NetWare, submitted by Verdon Walker <VWalker@novell.com>.
PR: 1098
Andy Polyakov [Sun, 5 Jun 2005 18:13:38 +0000 (18:13 +0000)]
New function, DSO_pathbyaddr, to find pathname for loaded shared object
by an address within it. Tested on Linux, Solaris, IRIX, Tru64, Darwin,
HP-UX, Win32, few BSD flavors...
Andy Polyakov [Sun, 5 Jun 2005 18:10:19 +0000 (18:10 +0000)]
Unify BSDi target.
Andy Polyakov [Sun, 5 Jun 2005 18:03:37 +0000 (18:03 +0000)]
./PROBLEMS to mention workarounds for ULTRIX build problems.
PR: 1092
Richard Levitte [Sat, 4 Jun 2005 08:44:02 +0000 (08:44 +0000)]
The macro THREADS was changed to OPENSSL_THREADS a long time ago.
PR: 1096
Richard Levitte [Sat, 4 Jun 2005 04:18:26 +0000 (04:18 +0000)]
From 0.9.8-stable:
handshake_write_seq is an unsigned short, so treat it like one
Dr. Stephen Henson [Thu, 2 Jun 2005 23:19:56 +0000 (23:19 +0000)]
Use correct name for config file env variable.
Dr. Stephen Henson [Thu, 2 Jun 2005 20:29:32 +0000 (20:29 +0000)]
Typo.
Dr. Stephen Henson [Thu, 2 Jun 2005 20:11:16 +0000 (20:11 +0000)]
Update CHANGES.
Andy Polyakov [Thu, 2 Jun 2005 18:28:27 +0000 (18:28 +0000)]
Fix inconsistensy between 8 and HEAD.
Andy Polyakov [Thu, 2 Jun 2005 18:25:36 +0000 (18:25 +0000)]
PSS update [from 0.9.7].
Nils Larsch [Wed, 1 Jun 2005 22:35:01 +0000 (22:35 +0000)]
check return value
Dr. Stephen Henson [Wed, 1 Jun 2005 22:14:04 +0000 (22:14 +0000)]
Update from 0.9.7-stable.
Richard Levitte [Wed, 1 Jun 2005 16:24:15 +0000 (16:24 +0000)]
Synchronise yet a little more with the Unixly build
Nils Larsch [Wed, 1 Jun 2005 08:38:44 +0000 (08:38 +0000)]
clear error queue on success and return NULL if no cert could be read
PR: 1088
Nils Larsch [Tue, 31 May 2005 20:39:16 +0000 (20:39 +0000)]
fix assertion
Richard Levitte [Tue, 31 May 2005 20:28:41 +0000 (20:28 +0000)]
Synchronise more with the Unix build.
Nils Larsch [Tue, 31 May 2005 18:22:53 +0000 (18:22 +0000)]
changes from 0.9.8
Nils Larsch [Tue, 31 May 2005 17:36:06 +0000 (17:36 +0000)]
include opensslconf.h if OPENSSL_NO_* is used
Andy Polyakov [Tue, 31 May 2005 16:36:27 +0000 (16:36 +0000)]
"Show" more respect to no-sha* config options.
PR: 1086
Andy Polyakov [Tue, 31 May 2005 12:39:54 +0000 (12:39 +0000)]
Mention more GCC bugs in ./PROBLEMS.
Andy Polyakov [Tue, 31 May 2005 12:17:35 +0000 (12:17 +0000)]
Missing sparcv8.o rule.
PR: 1082
Andy Polyakov [Tue, 31 May 2005 11:34:33 +0000 (11:34 +0000)]
Fix typo in ./config.
Andy Polyakov [Tue, 31 May 2005 11:07:27 +0000 (11:07 +0000)]
Platform update from 8-stable.
Andy Polyakov [Tue, 31 May 2005 09:39:03 +0000 (09:39 +0000)]
Platform update from 8-stable.
Richard Levitte [Mon, 30 May 2005 23:26:04 +0000 (23:26 +0000)]
Merge from 0.9.8-stable.
Richard Levitte [Mon, 30 May 2005 22:51:28 +0000 (22:51 +0000)]
Merge in the new news from 0.9.8-stable.
Richard Levitte [Mon, 30 May 2005 22:37:44 +0000 (22:37 +0000)]
DJGPP changes. Contributed by Doug Kaufman <dkaufman@rahul.net>
Richard Levitte [Mon, 30 May 2005 22:34:37 +0000 (22:34 +0000)]
pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.
Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
Richard Levitte [Mon, 30 May 2005 22:26:30 +0000 (22:26 +0000)]
Synchronise with Unixly build
Richard Levitte [Mon, 30 May 2005 05:17:02 +0000 (05:17 +0000)]
Change all relevant occurences of 'ncipher' to 'chil'. That's what nCipher always wanted...
Dr. Stephen Henson [Mon, 30 May 2005 00:29:16 +0000 (00:29 +0000)]
Update from stable branch.
Geoff Thorpe [Sun, 29 May 2005 19:14:21 +0000 (19:14 +0000)]
Change the source and output paths for 'chil' and '
4758cca' engines so that
dynamic loading is consistent with respect to engine ids.
Richard Levitte [Sun, 29 May 2005 12:13:51 +0000 (12:13 +0000)]
We have some source with \r\n as line ends. DEC C informs about that,
and I really can't be bothered...
Richard Levitte [Sun, 29 May 2005 12:11:50 +0000 (12:11 +0000)]
Typo
Dr. Stephen Henson [Sat, 28 May 2005 20:44:37 +0000 (20:44 +0000)]
Add pss/x931 files.
Dr. Stephen Henson [Sat, 28 May 2005 20:44:02 +0000 (20:44 +0000)]
Update from 0.9.7-stable. Also repatch and rebuild error codes.
Bodo Möller [Fri, 27 May 2005 15:38:53 +0000 (15:38 +0000)]
Use BN_with_flags() in a cleaner way.
Dr. Stephen Henson [Fri, 27 May 2005 13:19:25 +0000 (13:19 +0000)]
Assing check_{cert,crl}_time to 'ok' variable so it returns errors on
expiry.
Bodo Möller [Thu, 26 May 2005 04:40:52 +0000 (04:40 +0000)]
make sure DSA signing exponentiations really are constant-time
Bodo Möller [Thu, 26 May 2005 04:30:49 +0000 (04:30 +0000)]
check BN_copy() return value
Geoff Thorpe [Wed, 25 May 2005 02:54:28 +0000 (02:54 +0000)]
Handle differences between engine IDs and their dynamic library names (and
source files, for that matter) by tolerating the alternatives. It would be
preferable to also change the generated shared library names, but that will
be taken up separately.
Richard Levitte [Tue, 24 May 2005 03:39:08 +0000 (03:39 +0000)]
It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512
was still active when it came down to the functions. mkdef.pl should really
be corrected, but that'll be another day...
Richard Levitte [Tue, 24 May 2005 03:27:15 +0000 (03:27 +0000)]
Typo correction
Richard Levitte [Tue, 24 May 2005 03:22:53 +0000 (03:22 +0000)]
DEC C complains about bad subscript, but we know better, so let's shut it up.
Andy Polyakov [Sun, 22 May 2005 10:27:59 +0000 (10:27 +0000)]
Be more consistent with OPENSSL_NO_SHA256.
Andy Polyakov [Sun, 22 May 2005 08:55:15 +0000 (08:55 +0000)]
OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to
make no-sha512 more effective on platforms, which don't support 64-bit
integer type of *any* kind.
Andy Polyakov [Sat, 21 May 2005 17:49:10 +0000 (17:49 +0000)]
Still SEGV trouble in .init segment under Solaris x86...
Richard Levitte [Sat, 21 May 2005 17:39:43 +0000 (17:39 +0000)]
When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
http://www.opengroup.org/onlinepubs/
007908799/xsh/compilation.html.
Notified by David Wolfe <dwolfe5272@yahoo.com>
Andy Polyakov [Sat, 21 May 2005 16:50:27 +0000 (16:50 +0000)]
Default to no-sse2 on selected platforms.
Richard Levitte [Sat, 21 May 2005 16:41:34 +0000 (16:41 +0000)]
Patches for Cygwin, provided by Corinna Vinschen <vinschen@redhat.com>
Ben Laurie [Sat, 21 May 2005 16:13:36 +0000 (16:13 +0000)]
Propagate BUILDENV into subdirectories.
Andy Polyakov [Sat, 21 May 2005 13:19:27 +0000 (13:19 +0000)]
Move _WIN32_WINNT definition from command line to e_os.h. The change is
inspired by VC6 failure report. In addition abstain from taking screen
snapshots when running in NT service context.
Nils Larsch [Fri, 20 May 2005 22:55:10 +0000 (22:55 +0000)]
fix typo, add prototype
Nils Larsch [Thu, 19 May 2005 22:10:40 +0000 (22:10 +0000)]
fix potential memory leak
Submitted by: Goetz Babin-Ebell
Nils Larsch [Thu, 19 May 2005 20:54:30 +0000 (20:54 +0000)]
update ecdsa doc
Andy Polyakov [Thu, 19 May 2005 19:54:49 +0000 (19:54 +0000)]
FAQ to mention no-sse2.
Richard Levitte [Thu, 19 May 2005 19:43:28 +0000 (19:43 +0000)]
Update status information
Nils Larsch [Thu, 19 May 2005 12:01:51 +0000 (12:01 +0000)]
fix "dereferencing type-punned pointer will break strict-aliasing rules"
warning when using gcc 4.0
Nils Larsch [Wed, 18 May 2005 22:30:38 +0000 (22:30 +0000)]
make the type parameter const when ID2_OF_const() is used
Andy Polyakov [Wed, 18 May 2005 13:35:54 +0000 (13:35 +0000)]
FAQ update to mention Applink.
Andy Polyakov [Wed, 18 May 2005 08:42:08 +0000 (08:42 +0000)]
Don't emit SSE2 instructions unless were asked to.
PR: 1073
Andy Polyakov [Wed, 18 May 2005 08:16:46 +0000 (08:16 +0000)]
Engage Applink in mingw. Note that application-side module is not
compiled into *our* aplpications. That's because mingw is always
consistent with itself. Having library-side code linked into .dll
makes it possible to deploy the .dll with user-code compiled with
another compiler [which is pretty much the whole point behind Applink].
Richard Levitte [Wed, 18 May 2005 04:04:12 +0000 (04:04 +0000)]
Version changes where needed.
Richard Levitte [Wed, 18 May 2005 03:58:34 +0000 (03:58 +0000)]
I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev.
The 0.9.8 branch is called OpenSSL_0_9_8-stable.
Andy Polyakov [Tue, 17 May 2005 16:50:46 +0000 (16:50 +0000)]
Engage Applink for VC builds.
Andy Polyakov [Tue, 17 May 2005 13:51:36 +0000 (13:51 +0000)]
Keep disclaming 16-bit support.
Nils Larsch [Tue, 17 May 2005 12:23:16 +0000 (12:23 +0000)]
simplify EC_KEY_dup
Andy Polyakov [Tue, 17 May 2005 06:57:45 +0000 (06:57 +0000)]
mdc2test is not built by default anymore.
Bodo Möller [Tue, 17 May 2005 05:52:24 +0000 (05:52 +0000)]
fix memory leak (BIO_free_all needs pointer to first BIO)
PR: 1070
Andy Polyakov [Tue, 17 May 2005 00:08:28 +0000 (00:08 +0000)]
OPENSSL_Applink update.
Andy Polyakov [Tue, 17 May 2005 00:07:13 +0000 (00:07 +0000)]
Disclaim 16-bit support.
Andy Polyakov [Tue, 17 May 2005 00:01:48 +0000 (00:01 +0000)]
Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h
first everywhere in crypto and skip stdio.h and string.h [because it
includes them].
Andy Polyakov [Mon, 16 May 2005 21:05:09 +0000 (21:05 +0000)]
Improve shell portability of new rules in Makefile.shared.
Bodo Möller [Mon, 16 May 2005 19:14:34 +0000 (19:14 +0000)]
Change wording for BN_mod_exp_mont_consttime() entry
Andy Polyakov [Mon, 16 May 2005 16:55:47 +0000 (16:55 +0000)]
Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
Andy Polyakov [Mon, 16 May 2005 14:24:45 +0000 (14:24 +0000)]
Further BUILDENV clean-up, 'make depend' is operational again.
Nils Larsch [Mon, 16 May 2005 10:11:04 +0000 (10:11 +0000)]
ecc api cleanup; summary:
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
Bodo Möller [Mon, 16 May 2005 01:43:31 +0000 (01:43 +0000)]
Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller